[keycloak-dev] Scalability Problems with the admin console

[Eugen Stan]

Hi Gregor,

Replied to list as well.

La 25.07.2019 19:43, Gregor Tudan a scris:
> I like the idea. If I understood you right, you‘re proposing to request a new token after selecting a realm from the list in the admin console to edit this specific realm (maybe by the scope param)? 
>
> We would still need to come up with a different solution for finding out which realm the user is allowed to edit. That seems to be the main purpose of whoami right now.
>
> - Gregor

Yes, that is what I am proposing. In our application we thought about
using scopes like: `account:123` .

For the list if accounts there should be another API that will list all
of the realms the current user has access to.

I'm pretty sure the server side implementation should be simple.

So the Admin WebApp  will probably need some work and be prepared like this:

- use authenticates ( in a realm or in master ?! )

- Admin WebApp calls the list-accessible-realms API

- Admin WebApp displays the list of accessible realms

- User selects an account to manage

- Admin WebApp gets a token for that realm and uses it for the calls


You could look at it as two web applications:

The realm selector and the realm manager. In this case the realm id (and
the token to access it) is internal state for the realm manager application.


Regards,

Eugen